<?php
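// Direct-access guard: when INWEB is not defined (presumably it is set by the
// entry script that includes this page - confirm) the request is redirected to
// the site index. header() only queues the Location header, so the script must
// stop here; otherwise everything below would still run for a direct request.
if (!defined('INWEB'))
{
    header("Location: ../index.php");
    exit;
}
// Requested action and target employee id. getVar() is defined elsewhere;
// presumably it reads request parameters - confirm what filtering it applies.
// NOTE(review): $id is later compared loosely and interpolated into SQL as a
// string. If employee ids are integers, reading it as getVar('id','int') would
// make every check see the same normalised value - confirm before changing.
$a=getVar('a');
$id=getVar('id');
includeLang('users');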
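/**
 * Renders a disabled <select name="group"> listing every group, with the
 * option whose key matches $id pre-selected.
 *
 * Keys and labels are HTML-escaped because group names come from stored data
 * and are written into markup; without escaping, a name containing markup
 * would be interpreted by the browser.
 *
 * @param array $groups Map of group id => group name.
 * @param mixed $id     Id of the group to mark as selected.
 * @return string HTML for the select element.
 */
function groupSelect($groups, $id)
{
    $content='<select name="group" disabled="">';
    foreach($groups as $key=>$value)
    {
        // Compare as strings: loose == lets unrelated values match
        // (e.g. null or '' against key 0, depending on the PHP version).
        $selected=((string)$key===(string)$id)?' selected="selected"':'';
        // double_encode=false keeps labels that were already entity-encoded
        // on input from being encoded a second time.
        // NOTE(review): assumes pages are served as UTF-8 - adjust if not.
        $safeKey=htmlspecialchars((string)$key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        $safeValue=htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
        $content.='<option value="'.$safeKey.'"'.$selected.'>'.$safeValue.'</option>';
    }
    $content.='</select>';
    return $content;
}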
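/*
 * Employee administration, dispatched on $a:
 *   add     - POST creates an employee, otherwise renders the creation form
 *   edit    - POST updates employee $id, otherwise renders the pre-filled form
 *   delete  - removes employee $id after a confirmation step
 *   default - lists all employees with edit/delete links
 *
 * NOTE(review): no permission check is visible in this file; presumably the
 * including page restricts it to administrators - confirm.
 * NOTE(review): none of the state-changing actions carries an anti-CSRF token,
 * and delete is triggered by a plain GET link. Moving delete to POST and
 * validating a per-session token on add/edit/delete needs helpers that are not
 * visible here.
 * NOTE(review): every query below interpolates request values straight into
 * the SQL text. That is safe only if getVar() escapes for SQL (not visible
 * here) - confirm, and prefer bound parameters if the $sql wrapper offers them.
 */

// Escapes a value for HTML text and attribute contexts. Stored employee/group
// fields and request values ($id, $page) are written into markup below, so they
// must not be able to break out of the surrounding tag or attribute.
// double_encode=false avoids encoding values twice if they were already
// entity-encoded on input.
// NOTE(review): assumes pages are served as UTF-8 - adjust the charset if not.
$escHtml=function($value)
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};

switch($a)
{
    case 'add':
    if($_POST)
    {
        try
        {
            $name=getVar('name');
            $abbr=getVar('abbr');
            $usr=getVar('user');
            $pass=getVar('pass');
            $gr=getVar('group','int');
            // NOTE(review): nothing rejects an empty login or password here.
            // NOTE(review): encpass() is defined elsewhere; confirm it is a
            // salted, deliberately slow password hash.
            $epass=$user->encpass($pass);
            // Refuse to create a second account with the same login.
            $sql->query("SELECT * FROM employees WHERE user='$usr';");
            if($sql->row_count)
            {
                msg($Lang['error'],$Lang['user_exists'], 'error');
            }
            else
            {
                $sql->query("INSERT INTO employees (`name`, `abbr`, `user`, `pass`, `group_id`) VALUES ('$name', '$abbr', '$usr', '$epass', '$gr');");
                msg($Lang['success'],$Lang['user_added'].'</br> <a href="?p='.$escHtml($page).'">'.$Lang['back'].'</a>');
            }
        }
        catch(Exception $e)
        {
            // msg() is given HTML by the other callers in this file, so the
            // exception text is escaped before it is displayed.
            msg($Lang['error'],$escHtml($e->getMessage()),'error');
        }
    }
    else
    {
        echo '<form action="?p='.$escHtml($page).'&a=add" method="post"><table border="1">';
        echo '<tr><th>'.$Lang['name'].'</th><td><input type="text" name="name" /></td></tr>';
        echo '<tr><th>'.$Lang['abbr'].'</th><td><input type="text" name="abbr" /></td></tr>';
        echo '<tr><th>'.$Lang['login'].'</th><td><input type="text" name="user" /></td></tr>';
        echo '<tr><th>'.$Lang['pass'].'</th><td><input type="password" name="pass" /></td></tr>';
        $sql->query("SELECT id, name FROM groups;");
        echo '<tr><th>'.$Lang['group'].'</th><td><select name="group"><option value="" selected="selected"></option>';
        while($gr=$sql->fetch_array())
        {
            echo '<option value="'.$escHtml($gr['id']).'">'.$escHtml($gr['name']).'</option>';
        }
        echo'</select></td></tr></table><input type="submit" class="yt_button" value="'.$Lang['add'].'" /></form>';
    }
    break;
    case 'edit':
        if($_POST)
        {
            try
            {
                $name=getVar('name');
                $abbr=getVar('abbr');
                $usr=getVar('user');
                $gr=getVar('group','int');
                // The password is intentionally left untouched by this form.
                $sql->query("UPDATE employees SET `name`='$name', `abbr`='$abbr', `user`='$usr', `group_id`='$gr' WHERE id='$id';");
                msg($Lang['success'],$Lang['user_updated'].'</br> <a href="?p='.$escHtml($page).'">'.$Lang['back'].'</a>');
            }
            catch(Exception $e)
            {
                msg($Lang['error'],$escHtml($e->getMessage()),'error');
            }
        }
        else
        {
            $sql->query("SELECT * FROM employees WHERE id='$id';");
            $emp=$sql->fetch_array();
            echo '<form action="?p='.$escHtml($page).'&a=edit&id='.$escHtml($id).'" method="post"><table border="1">';
            echo '<tr><th>'.$Lang['name'].'</th><td><input type="text" name="name" value="'.$escHtml($emp['name']).'" /></td></tr>';
            echo '<tr><th>'.$Lang['abbr'].'</th><td><input type="text" name="abbr" value="'.$escHtml($emp['abbr']).'" /></td></tr>';
            echo '<tr><th>'.$Lang['login'].'</th><td><input type="text" name="user" value="'.$escHtml($emp['user']).'" /></td></tr>';
            $groups=$sql->query("SELECT id, name FROM groups;");
            echo '<tr><th>'.$Lang['group'].'</th><td><select name="group">';
            while($gr=$sql->fetch_array($groups))
            {
                // Pre-select the group the employee currently belongs to.
                $selected=$gr['id']==$emp['group_id']?' selected="selected"':'';
                echo '<option value="'.$escHtml($gr['id']).'"'.$selected.'>'.$escHtml($gr['name']).'</option>';
            }
            echo'</select></td></tr></table><input type="submit" class="yt_button" value="'.$Lang['edit'].'" /></form>';
        }
    break;
    case 'delete':
        // An administrator may not delete the account they are logged in with.
        // NOTE(review): this is a loose comparison on the raw $id while the
        // DELETE below interpolates the same raw string; the database may
        // coerce a value this check treats as different. Normalising $id to an
        // integer before both uses would close that gap - confirm id type.
        if($user->getVar('id')==$id)
        {
            msg($Lang['error'],$Lang['can_not_delete_self'],'error');
        }
        else
        {
            if(isset($_GET['confirm']))
            {
                $sql->query("DELETE FROM employees WHERE id='$id';");
                msg($Lang['success'],$Lang['user_deleted']);
            }
            else
            {
                // $id comes from the request and is echoed back into the
                // confirmation text and link, so it is escaped in both places.
                $confirmUrl='?p='.$escHtml($page).'&a=delete&id='.$escHtml($id).'&confirm';
                msg($Lang['warning'],$Lang['are_u_sure_delete_user'].$escHtml($id).' ?<br /> <a href="'.$confirmUrl.'">'.$Lang['yes'].'</a>/<a href="?p='.$escHtml($page).'">'.$Lang['no'].'</a>','warning');
            }
        }
    break;
    default:
        $pageAttr=$escHtml($page);
        echo '<a href="?p='.$pageAttr.'&a=add"><img src="img/add.png" alt="'.$Lang['add'].'" title="'.$Lang['add'].'" /></a><table border="1">';
        echo '<tr><td>'.$Lang['name'].'</td><td>'.$Lang['abbr'].'</td><td>'.$Lang['login'].'</td><td>'.$Lang['group'].'</td><td>'.$Lang['online'].'</td><td>'.$Lang['actions'].'</td></tr>';
        // Build an id => name map once so each row can render its group list.
        $groups=array();
        $group=$sql->query("SELECT `id`, `name` FROM `groups`;");
        while($gr=$sql->fetch_array($group))
        {
            $groups[$gr['id']]=$gr['name'];
        }
        // Looked up once instead of once per row; '300' is the fallback passed
        // to getConfig() (presumably seconds - confirm).
        $onlineWindow=getConfig('settings','online_time','300');
        $employees=$sql->query("SELECT `id`, `name`, `abbr`, `user`, `group_id`, `lastAccess` FROM `employees`;");
        while($emp=$sql->fetch_array($employees))
        {
            $online=($emp['lastAccess']+$onlineWindow>time())?'online':'offline';
            $empId=$escHtml($emp['id']);
            echo '<tr><td>'.$escHtml($emp['name']).'</td><td>'.$escHtml($emp['abbr']).'</td><td>'.$escHtml($emp['user']).'</td>'
                .'<td>'.groupSelect($groups,$emp['group_id']).'</td>'
                .'<td><img src="img/'.$online.'.png" alt="'.$Lang[$online].'" title="'.$Lang[$online].'" /></td>'
                .'<td><a href="?p='.$pageAttr.'&a=edit&id='.$empId.'"><img src="img/edit.png" alt="'.$Lang['edit'].'" title="'.$Lang['edit'].'" /></a>'
                .'<a href="?p='.$pageAttr.'&a=delete&id='.$empId.'"><img src="img/delete.png" alt="'.$Lang['delete'].'" title="'.$Lang['delete'].'" /></a></td></tr>';
        }
        echo '</table>';
    break;
}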
?>